Description

Attempting to create non-standard and non-tested algorithms, using weak algorithms, or applying algorithms incorrectly will pose a high weakness to data that is meant to be secure.

Consequences

Confidentiality: The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.

Integrity: The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.

Accountability: Any accountability to message content preserved by cryptography may be subject to attack.

Exposure period

Design: The decision as to what cryptographic algorithm to utilize is generally made at design time.

Platform

Languages: All

Operating platforms: All

Required resources

Any

Severity

High

Likelihood of exploit

Medium to High

Since the state of cryptography advances so rapidly, it is common to find algorithms, which previously were considered to be safe, currently considered unsafe. In some cases, things are discovered, or processing speed increases to the degree that the cryptographic algorithm provides little more benefit than the use of no cryptography at all.